128 Security Blogs

Last Updated: 03 Apr 25 01:19 UTC

Blog List | Github | OPML

2025-04-02

Rapid7
Preview the Action: Two New Sessions Available Before Take Command 2025

Rapid7
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

Malwarebytes
“Nudify” deepfakes stored unprotected online

Malwarebytes
“Urgent reminder” tax scam wants to phish your Microsoft credentials

Schneier on Security
Rational Astrologies and Security

Fastly
Future-Proofing TLS Encryption Against Quantum Threats

Evan Connelly
Hacking the Call Records of Millions of Americans

Datadog HQ
Reduce costs and enhance security with cross-region Datadog connectivity using AWS PrivateLink

Satoshi's Blog
What keeps kernel shadow stack effective against kernel exploits?

Amazon Security
AWS achieves Cloud Security Assurance Program (CSAP) low-tier certification in AWS Seoul Region

Amazon Security
Planning for your IAM Roles Anywhere deployment

Eclypsium
Eclypsium @ RSAC 2025

SentinelOne
The Overlooked Six | AWS Security Blind Spots

Dark Reading
DPRK 'IT Workers' Pivot to Europe for Employment Scams

Dark Reading
In Salt Typhoon's Wake, Congress Mulls Potential Options

Dark Reading
How an Interdiction Mindset Can Help Win War on Cyberattacks

Dark Reading
Gootloader Malware Resurfaces in Google Ads for Legal Docs

Dark Reading
Malaysian Airport's Cyber Disruption a Warning for Asia

ReversingLabs
CVEs lose relevance: Get proactive — and think beyond vulnerabilities

Meta Security
Meta Open Source: 2024 by the numbers


2025-04-01

Rapid7
A New Approach to Managing Vulnerabilities is Required - Work Smarter not Harder with Rapid7 Remediation Hub

Rapid7
What’s New in Rapid7 Products & Services: Q1 2025 in Review

Malwarebytes
Intimate images from kink and LGBTQ+ dating apps left exposed online

Github Security Blog
GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help

Cloudflare
“You get Instant Purge, and you get Instant Purge!” — all purge methods now available to all customers

Schneier on Security
Cell Phone OPSEC for Border Crossings

Fastly
#hugops for vibe coders

Microsoft Security
Transforming public sector security operations in the AI era

Datadog HQ
Manage PCI DSS v4.0.1 requirements with Datadog

Datadog HQ
Simplify multi-cloud cost management with FOCUS and Datadog

Datadog HQ
This Month in Datadog - March 2025

SpiderLabs
Babuk2 Bjorka: The Evolution of Ransomware for ‘Data Commoditization’

watchTowr Labs
XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748)

Elastic Security Labs
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective

Auth0
March 2025 Updates: What’s New in Auth0 (Developer Edition)

Snyk
Get Off My Lawn and Fix Your Vulnerabilities!

Snyk
Q&A Session with Snyk & John Hammond: Your Fetch the Flag Questions, Answered

Hunt and Hackett
The Evolving Threat of OT: Do You Know Your Weak Spots?

The Citizen Lab
Gender-Based Digital Transnational Repression and the Authoritarian Targeting of Women in the Diaspora

Dark Reading
Google Brings End-to-End Encryption to Gmail

Dark Reading
Visibility, Monitoring Key to Enterprise Endpoint Strategy

Dark Reading
Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks

Dark Reading
As CISA Downsizes, Where Can Enterprises Get Support?

Dark Reading
Japan Bolsters Cybersecurity Safeguards With Cyber Defense Bill

Dark Reading
Check Point Disputes Hacker's Breach Claims

Dark Reading
FDA's Critical Role in Keeping Medical Devices Secure

Dark Reading
Google 'ImageRunner' Bug Enabled Privilege Escalation

Dark Reading
Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks

Mozilla Security
Updated GPG key for signing Firefox Releases

Bishop Fox Security
SonicWall-CVE-2024-53704: Exploit Details

Bishop Fox Security
Tomcat CVE-2025-24813: What You Need to Know

ReversingLabs
OpenSSF guidelines encourage OSS developers to build securely

Compass Security Blog
I wannabe Red Team Operator

Palo Alto Networks
Platformization Maximizes Security Efficacy & IT Operations Efficiency

TrustedSec
CUI For the Rest of Us: The New Government-Wide CUI Protection Contract Clause


2025-03-31

Rapid7
Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard

Malwarebytes
Why we’re no longer doing April Fools’ Day 

Malwarebytes
A week in security (March 24 – March 30)

Schneier on Security
The Signal Chat Leak and the NSA

Microsoft Security
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

Microsoft Security
New innovations in Microsoft Purview for protected, AI-ready data

Datadog HQ
Enrich your existing Datadog telemetry with custom metadata using Reference Tables

Datadog HQ
Monitor the performance of queues and topics with Azure Service Bus

Datadog HQ
Remediate Kubernetes incidents faster using private actions in your apps and workflows

Talos Intelligence
Beers with Talos: Year in Review episode

Talos Intelligence
Available now: 2024 Year in Review

Dark Reading
Oracle Cloud Users Urged to Take Action

Dark Reading
CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks

Dark Reading
Top 10 Most-Used RDP Passwords Are Not Complex Enough

Dark Reading
DoJ Seizes Over $8M From Sprawling Pig Butchering Scheme

Dark Reading
CISA Warns of Resurge Malware Connected to Ivanti Vuln

Dark Reading
Trend Micro Open Sources AI Tool Cybertron

Dark Reading
Bridging the Gap Between the CISO & the Board of Directors

Dark Reading
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks

Kevin Beaumont
Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service

White Knight Labs
Windows Kernel Buffer Overflow

Bishop Fox Security
Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood

Meta Security
Mobile GraphQL at Meta in 2025

Krebs on Security
How Each Pillar of the 1st Amendment is Under Attack

Moonlock
Why does my search keep switching to Yahoo, and what is the Yahoo virus?


2025-03-30

Troy Hunt
Weekly Update 445

Ars Technica Security
FBI raids home of prominent computer scientist who has gone incommunicado


2025-03-28

Rapid7
Metasploit Wrap-Up 03/28/2025

Rapid7
Overcoming the Challenges of Vulnerability Remediation

Malwarebytes
Vulnerability in most browsers abused in targeted attacks

Schneier on Security
Friday Squid Blogging: Squid Werewolf Hacking Group

Schneier on Security
AIs as Trusted Third Parties

Fastly
Making the Internet Sustainable— Starting from Its Infrastructure

Amazon Security
AWS continues to support government cloud security and shape FedRAMP’s evolution toward automated compliance

MalwareTech
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 13

Talos Intelligence
Gamaredon campaign abuses LNK files to distribute Remcos backdoor

Dark Reading
GSA Plans FedRAMP Revamp

Dark Reading
Evilginx Tool (Still) Bypasses MFA

Dark Reading
Oracle Still Denies Breach as Researchers Persist

Dark Reading
Harmonic Security Raises $17.5M Series A to Accelerate Zero-Touch Data Protection to Market

Dark Reading
Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations

Dark Reading
SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks

Dark Reading
Malaysia PM Refuses to Pay $10M Ransomware Demand

Dark Reading
Concord Orthopaedic Notifies Individuals of Security Incident

Dark Reading
Navigating Cyber-Risks and New Defenses

Dark Reading
Iran's MOIS-Linked APT34 Spies on Allies Iraq & Yemen

Ars Technica Security
Oracle has reportedly suffered 2 separate breaches exposing thousands of customers‘ PII

Ars Technica Security
Gemini hackers can deliver more potent attacks with a helping hand from… Gemini

Searchlight Cyber
Russian Zero-Day Seller Offers $4m For Exploits in Telegram

Palo Alto Networks
Addressing Federal Cybersecurity Challenges in the Cloud Era

TrustedSec
MCP: An Introduction to Agentic Op Support

Hay Mizrachi
Hunting 12 Zero Days in Popular WooCommerce Plugins - A Research Journey

Moonlock
Has your Gmail been hacked? Here’s how to tell and how to recover your account

Moonlock
New phishing attack convinces users their Mac is locked

Moonlock
What is the Bing redirect virus, and how do you remove Google redirects to Bing?


2025-03-27

Rapid7
Unpacking a post-compromise breach simulation with Vector Command

Malwarebytes
“This fraud destroyed my life.” Man ends up with criminal record after ID was stolen

Malwarebytes
Moving from WhatsApp to Signal: A good idea?

Schneier on Security
A Taxonomy of Adversarial Machine Learning Attacks and Mitigations

Microsoft Security
US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID

Eclypsium
Juniper Routers, Network Devices Targeted with Custom Backdoors

SentinelOne
GPU Device Plugins | Unveiling Risks in Kubernetes Workloads

Talos Intelligence
Money Laundering 101, and why Joe is worried

Dark Reading
Hoff's Rule: People First

Dark Reading
How CISA Cuts Impact Election Security

Dark Reading
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update

Dark Reading
DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union

Dark Reading
Student-Powered SOCs Train Security's Next Generation

Dark Reading
Fake DeepSeek Ads Spread Malware to Google Users

Dark Reading
High-Severity Cloud Security Alerts Tripled in 2024

Zero Day Initiative
MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities

ReversingLabs
AI coding tools weaponized: What your AppSec team needs to know

Google Security Blog
New security requirements adopted by HTTPS certificate industry

Krebs on Security
When Getting Phished Puts You in Mortal Danger

Palo Alto Networks
Is Your Browser Ground Zero for Cyberattacks?

TrustedSec
Getting the Most Out of Your API Security Assessment

Moonlock
Secret US war plans leaked in a Signal group chat by accident

Moonlock
How to scan Chrome for viruses and remove them permanently